[jboss-user] [JBoss Seam] - Re: External Client and Seam Security
http://jira.jboss.org/jira/browse/JBSEAM-2332

Cheers!

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4109492#4109492
Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4109492
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: External Client and Seam Security
I give up! Thanks a lot Shane for all your help.

I wasn't able to use the interceptor you suggested. I tried to add it to the default stack by Component.forName(...).addInterceptor(...) but ended up with ArrayIndexOutOfBounds etc.

My second try was to use a regular EJB3 interceptor which does the Seam login/logout and basically all the things in SecurityInterceptor from Seam. It's really a copy of your code:

    import java.lang.reflect.Method;

    import javax.interceptor.AroundInvoke;
    import javax.interceptor.InvocationContext;

    import org.jboss.seam.Component;
    import org.jboss.seam.annotations.security.Restrict;
    import org.jboss.seam.security.Identity;
    import org.jboss.seam.util.Strings;

    public class ExternalClientSecurityInterceptor {

        @AroundInvoke
        public Object aroundInvoke(final InvocationContext theInvocationContext)
                throws Exception {

            try {
                // Perform a Seam login
                this.doSeamLogin();

                // Get the invoked method
                final Method theInterfaceMethod = theInvocationContext.getMethod();

                // TODO: optimize this:
                // Check if there's a Seam @Restrict annotation on invoked method
                final Object theTarget = theInvocationContext.getTarget();
                final Method theMethod = this.getComponent(theTarget)
                        .getBeanClass().getMethod(theInterfaceMethod.getName(),
                                theInterfaceMethod.getParameterTypes());
                final Restrict theRestriction = this.getRestriction(theMethod,
                        theTarget);

                // Perform security check if a restriction is found
                if (null != theRestriction && Identity.isSecurityEnabled()) {
                    final String theRestrictionExpression = !Strings
                            .isEmpty(theRestriction.value()) ? theRestriction
                            .value() : this.createDefaultExpr(theMethod, theTarget);
                    Identity.instance().checkRestriction(theRestrictionExpression);
                }
                return theInvocationContext.proceed();
            } finally {

                // Always logout after invocation
                this.doSeamLogout();
            }
        }

        private Component getComponent(final Object theTarget) {
            // Get the Seam component name of the target class
            final String theComponentName = Component.getComponentName(theTarget
                    .getClass());
            // Return the component
            return Component.forName(theComponentName);
        }

        private void doSeamLogin() {
            Identity.instance().setUsername("user");
            Identity.instance().setPassword("Demo987!");
            Identity.instance().login();
        }

        private void doSeamLogout() {
            Identity.instance().logout();
        }

        private Restrict getRestriction(final Method theMethod,
                final Object theTarget) {
            if (theMethod.isAnnotationPresent(Restrict.class)) {
                return theMethod.getAnnotation(Restrict.class);
            } else if (this.getComponent(theTarget).getBeanClass()
                    .isAnnotationPresent(Restrict.class)) {
                if (!this.getComponent(theTarget).isLifecycleMethod(theMethod)) {
                    return this.getComponent(theTarget).getBeanClass()
                            .getAnnotation(Restrict.class);
                }
            }
            return null;
        }

        /**
         * Creates a default security expression for a specified method. The method
         * must be a method of a Seam component.
         *
         * @param theMethod
         *            The method for which to create a default permission expression
         * @return The generated security expression.
         */
        private String createDefaultExpr(final Method theMethod,
                final Object theTarget) {
            return String.format("#{s:hasPermission('%s','%s', null)}", this
                    .getComponent(theTarget).getName(), theMethod.getName());
        }
    }

This enabled the recognition of the @Restrict(s:hasRole('user')) annotation on EJB methods.

Next problem - the Drools rules don't seem to work. Well, they work if I run from the JSF's but not from my Quartz POJO job. I've tried to debug to see how and if my RuleBasedIdentity uses the rules but I got lost in the Drools code :-( At least I can see that the RuleBasedIdentity is created and that my Drools rule file is read.

I guess I'll use default Java EE security and where I need more advanced security constraints I'll have to implement it myself... too bad. Is
[jboss-user] [JBoss Seam] - Re: External Client and Seam Security
About it being a common scenario or not... Given the following:

- I'd like to have one single EJB Entity bean model for my application.
- My EJB Entity beans are annotated with the @Restrict tag for use in Seam.
- My Entity beans are configured to use Seam Entity Security (orm.xml).
- I have a non-Seam client who uses the same Entity beans as Seam.

Since my non-Seam client isn't authenticated through Seam, the Seam EntityListener will always throw AuthorizationException on Identity.instance().checkPermission(...). This was the initial problem which started the effort to login and use Seam security from a non-Seam client.

The application has both JSF clients and Quartz POJO clients using the same Entity beans, which is (IMHO) not a very uncommon scenario :-)

Anyways, I'll file it to JIRA. Thanks a lot Shane for the help!

Cheers!
[jboss-user] [JBoss Seam] - Re: External Client and Seam Security
Thank you. One step further... no more IllegalStateException. Instead the Identity doesn't seem to be populated with any subject/principals. The @Restrict annotation doesn't kick in, and neither do the Drools rules.

Do you know if it's possible to make use of the Seam security if the Session Beans and Entity Beans are accessed from an external client?

Cheers!

Regards, Andreas
[jboss-user] [JBoss Seam] - No ContextPolicy?
Hello, I've been playing with JBoss Security and currently I'm facing the following stacktrace:

    21:38:40,598 WARN [JmxKernelAbstraction] jboss.j2ee:ear=sio.ear,jar=jboss-seam-2.0.0.GA.jar,name=EjbSynchronizations,service=EJB3 is not registered
    21:38:40,598 DEBUG [Ejb3Module] Starting failed jboss.j2ee:service=EJB3,module=jboss-seam-2.0.0.GA.jar
    java.lang.RuntimeException: javax.security.jacc.PolicyContextException: No ContextPolicy exists for contextID=jboss-seam-2.0.0.GA.jar
        at org.jboss.ejb3.Ejb3JmxDeployment.putJaccInService(Ejb3JmxDeployment.java:65)
        at org.jboss.ejb3.Ejb3Deployment.start(Ejb3Deployment.java:365)
        at org.jboss.ejb3.Ejb3Module.startService(Ejb3Module.java:91)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
        at sun.reflect.GeneratedMethodAccessor23.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
        at $Proxy0.start(Unknown Source)
        at org.jboss.system.ServiceController.start(ServiceController.java:417)
        at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
        at $Proxy33.start(Unknown Source)
        at org.jboss.ejb3.EJB3Deployer.start(EJB3Deployer.java:512)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
        at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
        at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
        at org.jboss.ws.integration.jboss42.DeployerInterceptor.start(DeployerInterceptor.java:93)
        at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.start(SubDeployerInterceptorSupport.java:188)
        at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:95)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
        at $Proxy34.start(Unknown Source)
        at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
        at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1015)
        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
        at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at
[jboss-user] [JBoss Seam] - Re: No ContextPolicy?
I'm stupid. I'd by mistake included the jboss-sx.jar in my EJB-JAR :-( Never mind this post.

Cheers!

Regards, Andreas
[jboss-user] [JBoss Seam] - External Client and Seam Security
Hi, I've configured Seam to use Drools in my security setup according to Seam docs, chapter 13. Everything works fine...

I also have a QuartzInitializerServlet starting up jobs (POJO's):

    public void execute(final JobExecutionContext theJobExecutionContext)
            throws JobExecutionException {
        this.LOGGER.info("Executing job with description: "
                + theJobExecutionContext.getJobDetail().getDescription());

        try {
            UsernamePasswordHandler handler = new UsernamePasswordHandler(
                    "user", "Demo987!");
            this.LOGGER.info("Login attempt...");
            LoginContext lc = new LoginContext("client-login", handler);
            lc.login();
            this.LOGGER.info("Login successful!");
            // Any calls to secured resources now use the username/password
            // identity
            final EchoService service = (EchoService) new InitialContext()
                    .lookup("sio/EchoServiceBean/local");
            final Echo echo = service.echo();
            this.LOGGER.info("Echo Message = '" + echo + "'");
            // Clear and restore the previous identity
            this.LOGGER.info("Logout attempt...");
            lc.logout();
            this.LOGGER.info("Logout successful!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

The EJB method 'echo' is annotated with the Seam @Restrict annotation like this:

    @Restrict("#{s:hasRole('admin')}")

My question is if it's possible to make the external JAAS login (from the Quartz job) propagate to the Seam security framework? The described implementation doesn't work and throws IllegalStateException with the message that there is no active session context.

Anyone done this before?

Seam 2.0.0.GA and JBoss AS 4.2.1.GA

Cheers!

Regards, Andreas
[jboss-user] [EJB 3.0] - Re: Lazy byte array gets loaded on query
Solved it! Using a java.sql.Blob instead of byte array. Strange, because the docs say you could use both?! Anyways, problem has vanished :-)

Cheers!
[jboss-user] [EJB 3.0] - Lazy byte array gets loaded on query
Hello, I'm trying to specify a property in my entity bean (called Appendix) as lazy loaded by the following annotations:

    @Lob
    @Basic(fetch = FetchType.LAZY)
    @Column(name = "DOCUMENT", nullable = true)
    public byte[] getDocument() {
        return this.document;
    }

What I want is that this property ISN'T loaded unless I access it within the scope of the entity manager. When I search for an Appendix entity bean in the database using an EJB-QL query like:

    // Create traffic type query
    final EntityManager theEntityManager = this.getEntityManager();
    final Query theTrafficTypeQuery = theEntityManager.createQuery("from Appendix a where a.trafficType = :trafficType");
    theTrafficTypeQuery.setParameter("trafficType", theTrafficType);
    final List<Appendix> theAppendixes = theTrafficTypeQuery.getResultList();

I can see in the JBoss log that the property DOCUMENT gets loaded anyway.

    select appendix0_.APPENDIX_ID as APPENDIX1_0_, appendix0_.START_DATE as START2_0_, appendix0_.DESCRIPTION as DESCRIPT3_0_, appendix0_.DOCUMENT as DOCUMENT0_, appendix0_.EXTENSION_ID as EXTENSION9_0_, appendix0_.CREATE_DATE as CREATE5_0_, appendix0_.PAGE_ID as PAGE6_0_, appendix0_.PRODUCT_ID as PRODUCT7_0_, appendix0_.STOP_DATE as STOP8_0_ from APPENDIX appendix0_ where appendix0_.PRODUCT_ID=?

Does anyone know how I get my byte array property lazy loaded? If I understand it correctly, loading lazy loaded entities should use the EntityManager method getReference(...), but in my case I load the entities using a query.

In the following Hibernate reference docs I've read something about instrumentation, is it really necessary? http://www.hibernate.org/hib_docs/v3/reference/en/html_single/#performance-fetching-lazyproperties.

I've really tried to search the forum but didn't find anything useful. I'm using JBoss 4.0.4 GA and EJB3.0RC6.

Regards, Andreas
[jboss-user] [EJB 3.0] - Re: Lazy byte array gets loaded on query
Hi Stefan and thanks for your answer!

So, creating another table for the blob and referencing it from my Appendix entity is the way to do it right now? That sucks! :-( Well, I hope they fix it soon...

Thank you anyways!

Regards, Andreas
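
The separate-table workaround mentioned in the post above, as an added mapping example that is not code from the original posts or from JBoss. The entity name AppendixDocument, the table APPENDIX_DOCUMENT, the join column DOCUMENT_ID and the property documentHolder are hypothetical; APPENDIX, APPENDIX_ID and DOCUMENT come from the thread.

```java
import java.io.Serializable;
import javax.persistence.*;

// Appendix.java: queries on Appendix select only this table's columns,
// so the blob is no longer part of the generated SELECT.
@Entity
@Table(name = "APPENDIX")
public class Appendix implements Serializable {
    private Long id;
    private AppendixDocument documentHolder; // hypothetical property name

    @Id
    @GeneratedValue
    @Column(name = "APPENDIX_ID")
    public Long getId() { return this.id; }
    public void setId(final Long theId) { this.id = theId; }

    // Owning side: the foreign key lives in APPENDIX, so the provider can
    // return a proxy and defer the SELECT on APPENDIX_DOCUMENT until the
    // holder is first accessed inside an open persistence context.
    @OneToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
    @JoinColumn(name = "DOCUMENT_ID", nullable = true) // hypothetical column
    public AppendixDocument getDocumentHolder() { return this.documentHolder; }
    public void setDocumentHolder(final AppendixDocument theHolder) {
        this.documentHolder = theHolder;
    }
}

// AppendixDocument.java (hypothetical entity; declare it public in its own file)
@Entity
@Table(name = "APPENDIX_DOCUMENT")
class AppendixDocument implements Serializable {
    private Long id;
    private byte[] document;

    @Id
    @GeneratedValue
    @Column(name = "DOCUMENT_ID")
    public Long getId() { return this.id; }
    public void setId(final Long theId) { this.id = theId; }

    // The blob column moves here; it is read only when this row is loaded.
    @Lob
    @Column(name = "DOCUMENT", nullable = true)
    public byte[] getDocument() { return this.document; }
    public void setDocument(final byte[] theDocument) { this.document = theDocument; }
}
```

Code that needs the bytes calls getDocumentHolder().getDocument() while the entity manager is still open; after detachment the proxy can no longer be initialized.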